Storage devices have “stepped out” from behind the protection of servers to be connected directly to the network rather than being connected to the network through a storage server, as shown in FIG. 3. Under the older scheme of networked storage, a storage server (34) provided access over a computer network (31) such as a local area network (“LAN”) or the Internet to one or more storage resources (35) for one or more client systems (32, 33). In this older arrangement, the storage server could enforce access privileges for clients to the storage resources, or deny access to or modification of data stored in the resources.
Using newer network storage devices which are capable of being directly interfaced to a computer network (31) without the intervening support of a storage server, clients (32, 33) may now access data residing on Network Storage Devices (“NSD”) (36, 37) with minimal intervention from a file manager (38).
There is, however, still a need to provide proper access control, privacy and data integrity while accessing this data from a client. The need to protect enterprise data, databases, web objects and program files does not change even though the hardware arrangement has been improved from the older, storage server-based arrangement.
Additionally, there is a need for mechanisms and processes that limit the damage done as a result of a security breach. Some of these security issues have been addressed for individual storage devices such as ownership, authorization, and authentication schemes. However, there is a need for online storage systems which allow efficient recovery from breaches in security and hardware failures, as well as a need to make these storage devices highly available and scalable.
Replication is a well-known process employed to provide rapid data recovery, high availability, and storage system scalability in networked storage arrangements. Replication includes creating and managing duplicate versions of data, files and databases. The set of replicas are not only initially copied from an original, but are continuously synchronized to reflect the current state of the original. Thus, modifications or additions to the original data are “replicated” to the replicas by a replication manager (41) as shown in the enhanced arrangement (40) of FIG. 4.
So, in this figure, an original database may be stored on a first NSD (36), and a replica may be managed on a second NSD (37). To provide minimized possibilities of losing both the original and replica data, the replicas are typically maintained in a geographically disparate arrangement with the original so that an event such as a flood, earthquake, power outage, etc., at one site will not take out all the replicas. For high availability, the file manager (38) may quickly reconfigure to use a replica as the original after such an event.
Scalability is provided in this arrangement as the replication manager (41) may distribute portions of the original onto multiple storage devices, thus realizing a replica which is comprised of multiple portions on multiple storage devices. As the original data amount grows, additional portions of replica data may also easily be added with additional storage devices. For rapid recovery from a loss of some (or all) the original data, the replication manager (41) may direct all accesses to the data to the appropriate replica portion.
Data storage systems often organize (50) data into logical volumes (51), as shown in FIG. 5. Each logical volume has one or more aggregators (52) which are responsible for combining one or more partitions (54–59). Each partition may be stored separately on a storage device (503), or with other partitions on a storage device (501, 502). A “pass through” layer (500) provides hardware to software mapping and interfacing such that from the perspective of software accesses to the logical volume, different types of storage devices (e.g. hard drives, RAM, cache, removable storage, tape, etc.) appear within the logical volume equally accessible and well organized. Replication systems, such as the well-known IBM Lotus Notes product, handle replication within such networked storage arrangements well.
Existing security systems allow for controlled access to and modification of data in networked storage devices either through a storage server (34) in the older arrangement, or by ownership at a hardware (e.g. device) level for directly connected storage devices (36, 37). As such, if security for a specific NSD is comprised, the data of the entire NSD may be lost or corrupted.
Therefore, there is a need in the art for a security system replicated online data storage arrangement which is not susceptible to device-level security breaches while maintaining the high availability, quick recovery and scalability of such replicated storage systems.